NIST eyes removing flawed Dual_EC_DRBG alogrithm from guidelines
NIST is looking to remove the flawed Dual_EC_DRBG algorithm from its guidelines.
The National Institute of Standards and Technology (NIST) is seeking to update its guidelines by removing a flawed, community-developed algorithm believed to contain a backdoor.
NIST announced on Monday that it had revised its document, “Recommendation for Random Number Generation Using Deterministic Random Bit Generators,” to exclude the questionable Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm.
“NIST is removing the algorithm based on our own evaluation and the lack of public confidence in the algorithm,” Jennifer Huergo, a NIST spokesperson, told SCMagazine.com in a Tuesday email correspondence.
Huergo linked to a revision summary, posted on Monday, which explains how Dual_EC_DRBG is perceived by the public to contain a backdoor. This backdoor could result in attackers predicting secret cryptographic keys, according to the summary.
The revised document, known as SP 800-90A, has only just been opened for public comments, so there has not yet been much of a community response, Huergo said. Commenters have until May 23 to voice their opinions on the update, according to a Monday NIST release.
NIST is urging all users not to wait for further revisions and to quickly begin shifting to one of the other algorithms still supported in the revised document, which include the Hash_DRBG, HMAC_DRBG, and CTR_DRBG algorithms.
In September 2013, NIST advised against using Dual_EC_DRBG due to a possible backdoor. Shortly after, RSA, which used the algorithm in all its BSAFE Toolkits, recommended shifting to one of the different algorithms built into the BSAFE Toolkit.
In December 2013, reports suggested that RSA entered into a $10 million secret agreement with the National Security Agency (NSA) to continue using the flawed algorithm in its products, but RSA quickly denied the allegations.